NFT: Do not error when desire no elems and set/map doesnt exist

martinkennelly · martinkennelly · commit 4027314cca28 · 2025-05-17T05:14:44.000+01:00
NFT will return error if set/map doesnt exist and we attempt to
flush. Do not fail because in certain scenerios the set/map does
not exist and that is not an error.

Signed-off-by: Martin Kennelly &lt;mkennell@redhat.com&gt;
diff --git a/go-controller/pkg/node/gateway_nftables.go b/go-controller/pkg/node/gateway_nftables.go
@@ -122,7 +122,12 @@ func recreateNFTSet(setName string, keepNFTElems []*knftables.Element) error {
 			tx.Add(elem)
 		}
 	}
-	return nft.Run(context.TODO(), tx)
+	err = nft.Run(context.TODO(), tx)
+	// no error if set is not created and we desire zero NFT elements
+	if knftables.IsNotFound(err) && len(keepNFTElems) == 0 {
+		return nil
+	}
+	return err
 }
 
 func recreateNFTMap(mapName string, keepNFTElems []*knftables.Element) error {
@@ -139,7 +144,12 @@ func recreateNFTMap(mapName string, keepNFTElems []*knftables.Element) error {
 			tx.Add(elem)
 		}
 	}
-	return nft.Run(context.TODO(), tx)
+	err = nft.Run(context.TODO(), tx)
+	// no error if set is not created and we desire zero NFT elements
+	if knftables.IsNotFound(err) && len(keepNFTElems) == 0 {
+		return nil
+	}
+	return err
 }
 
 // getGatewayNFTRules returns nftables rules for service. This must be used in conjunction

Original file line number	Diff line number	Diff line change
`@@ -122,7 +122,12 @@ func recreateNFTSet(setName string, keepNFTElems []*knftables.Element) error {`
`122`	`122`	`tx.Add(elem)`
`123`	`123`	`}`
`124`	`124`	`}`
`125`		`- return nft.Run(context.TODO(), tx)`
	`125`	`+ err = nft.Run(context.TODO(), tx)`
	`126`	`+ // no error if set is not created and we desire zero NFT elements`
	`127`	`+ if knftables.IsNotFound(err) && len(keepNFTElems) == 0 {`
	`128`	`+ return nil`
	`129`	`+ }`
	`130`	`+ return err`
`126`	`131`	`}`
`127`	`132`
`128`	`133`	`func recreateNFTMap(mapName string, keepNFTElems []*knftables.Element) error {`
`@@ -139,7 +144,12 @@ func recreateNFTMap(mapName string, keepNFTElems []*knftables.Element) error {`
`139`	`144`	`tx.Add(elem)`
`140`	`145`	`}`
`141`	`146`	`}`
`142`		`- return nft.Run(context.TODO(), tx)`
	`147`	`+ err = nft.Run(context.TODO(), tx)`
	`148`	`+ // no error if set is not created and we desire zero NFT elements`
	`149`	`+ if knftables.IsNotFound(err) && len(keepNFTElems) == 0 {`
	`150`	`+ return nil`
	`151`	`+ }`
	`152`	`+ return err`
`143`	`153`	`}`
`144`	`154`
`145`	`155`	`// getGatewayNFTRules returns nftables rules for service. This must be used in conjunction`